Foreword 

This Technical Specification (TS) has been produced by ETSI Technical Committee Smart Card Platform (SCP). 

The contents of the present document are subject to continuing work within TC SCP and may change following formal 
TC SCP approval. If TC SCP modifies the contents of the present document, it will then be republished by ETSI with 
an identifying change of release date and an increase in version number as follows: 

Version x.y.z 

where: 

x the first digit: 

0 early working draft; 

1 presented to TC SCP for information; 

2 presented to TC SCP for approval; 

3 or greater indicates TC SCP approved document under change control. 

y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, 
updates, etc. 

z the third digit is incremented when editorial only changes have been incorporated in the document. 



Introduction 

The present document defines how an Internet Protocol connection may be established between a UICC and a terminal 
connected through a UICC-Terminal Interface able to carry Internet Protocol packets, and how the UICC resources 
defined in ETSI TS 102 221 [11] may be accessed over this connection. Most telecommunication infrastructures rely on 
the Internet Protocol and therefore telecommunication terminals commonly implement the IP layers as standardized by 
the IETF in RFC 791 [1] and by the new version in IETF RFC 2460 [7]. Connecting the UICC and the terminal at this 
level is expected to bring the following advantages: 

• Leverage on existing standardization efforts: applicative protocols relying on IP, e.g. running over TCP or 
UDP, have already been standardized for a wide variety of applications and may be used by UICC 
applications. 

• Minimize UICC-specific developments on the terminals; reuse what is already available on terminals rather 
than forcing specific developments. 

• Facilitate connectivity of the UICC with standard network elements such as remote servers etc. 

The present document focuses on the establishment and configuration of a generic IP connection between the UICC and 
terminal, without addressing specific applications that may use this connection capability. 
1 Scope 



The present document specifies the establishment and configuration of an Internet Protocol connection between a UICC 
and a terminal interfaced through a protocol that supports the transport of Internet Protocol packets. 

The way the Internet Protocol packets (or similar packets such as ARP) are transported over the UICC-Terminal 
interface is part of the UICC-Terminal interface specification and not within the scope of the present document. The 
present document focuses on the configuration and establishment of the Internet Protocol connection between the UICC 
and the terminal. 

The Internet Protocol connectivity defined in the present document may be used by applications such as the Smartcard 
Web Server [22]. 



2 References 



References are either specific (identified by date of publication and/or edition number or version number) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• In the case of a reference to a TC SCP document, a non-specific reference implicitly refers to the latest 
version of that document in the same Release as the present document. 

• Non-specific reference may be made only to a complete document or a part thereof and only in the following 
cases: 

- if it is accepted that it will be possible to use all future changes of the referenced document for the 
purposes of the referring document; 

- for informative references, the latest version applies. In the case of a reference to a TC SCP document, a 
non-specific reference implicitly refers to the latest version of that document in the same Release as the 
present document. 

Referenced documents which are not found to be publicly available in the expected location might be found at 
http://docbox.etsi.org/Reference. 

For online referenced documents, information sufficient to identify and locate the source shall be provided. Preferably, 
the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the 
reference should, as far as possible, remain valid for the expected life of the document. The reference shall include the 
method of access to the referenced document and the full network address, with the same punctuation and use of upper 
case and lower case letters. 

NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee 
their long term validity. 

2.1 Normative references 

The following referenced documents are indispensable for the application of the present document. For dated 
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document 
(including any amendments) applies. 

[1] IETF RFC 791: "Internet Protocol". 

NOTE: Available from http://www.ietf.org/rfc/rfc791.txt. 

[2] IETF RFC 826: "An Ethernet Address Resolution Protocol". 

NOTE: Available from http://www.ietf.org/rfc/rfc826.txt . 
[3] IETF RFC 792: "Internet Control Message Protocol". 

NOTE: Available from http://www.ietf.org/rfc/rfc792.txt. 

[4] IETF RFC 793: "Transmission Control Protocol". 

NOTE: Available from http://www.ietf.org/rfc/rfc793.txt. 

[5] IETF RFC 2449: "POP3 Extension Mechanism". 

NOTE: Available from http://www.ietf.org/rfc/rfc2449.txt . 

[6] IETF RFC 1122: "Requirements for Internet Hosts - Communication Layers". 

NOTE: Available from http://www.ietf.org/rfc/rfc1122.txt. 

[7] IETF RFC 2460: "Internet Protocol, Version 6 (IPv6) Specification". 

NOTE: Available from http://www.ietf.org/rfc/rfc2460.txt. 

[8] IETF RFC 2463: "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 
(IPv6) Specification". 

NOTE: Available from http://www.ietf.org/rfc/rfc2463.txt. 

[9] IETF RFC 3022: "Traditional IP Network Address Translator (Traditional NAT)". 

NOTE: Available from http://www.ietf.org/rfc/rfc3022.txt. 

[10] IETF RFC 3314: "Recommendations for IPv6 in Third Generation Partnership Project (3GPP) 
Standards". 

NOTE: Available from http://www.ietf.org/rfc/rfc3314.txt. 

[11] ETSI TS 102 221: "Smart Cards; UICC-Terminal interface; Physical and logical characteristics 
(Release 7)". 

[12] IETF RFC 2461: "Neighbor Discovery for IP Version 6 (IPv6)". 

NOTE: Available from http://www.ietf.org/rfc/rfc2461.txt. 

[13] IETF RFC 2462: "IPv6 Stateless Address Autoconfiguration". 

NOTE: Available from http://www.ietf.org/rfc/rfc2462.txt . 

[14] IETF RFC 4294: "IPv6 Node Requirements". 

NOTE: Available from http://www.ietf.org/rfc/rfc4294.txt . 

[15] IETF RFC 4291: "IP Version 6 Addressing Architecture". 

NOTE: Available from http://www.ietf.org/rfc/rfc4291.txt. 

2.2 Informative references 

[16] IETF RFC 2060: "Internet Message Access Protocol", version 4rev1. 

NOTE: Available from http://www.ietf.org/rfc/rfc2060.txt . 

[17] IETF RFC 2246: "The TLS Protocol", version 1.0. 

NOTE: Available from http://www.ietf.org/rfc/rfc2246.txt . 

[18] IETF RFC 2616: "Hypertext Transfer Protocol - HTTP/1.1". 

NOTE: Available from http://www.ietf.org/rfc/rfc2616.txt. 
[19] IETF RFC 959: "File Transfer Protocol (FTP)". 

NOTE: Available from http://www.ietf.org/rfc/rfc959.txt . 

[20] IETF RFC 821: "Simple Mail Transfer Protocol". 

NOTE: Available from http://www.ietf.org/rfc/rfc821.txt. 

[21] IETF RFC 1034: "Domain Names - concepts and facilities". 

NOTE: Available from http://www.ietf.org/rfc/rfc1034.txt. 

[22] OMA-TS-Smartcard-Web-Server-V1-0. 

NOTE: Available from http://www.openmobilealliance.org . 

[23] IETF RFC 768: "User Datagram Protocol". 

NOTE: Available from http://www.ietf.org/rfc/rfc768.txt . 

[24] ETSI TS 102 223: "Smart Cards; Card Application Toolkit (CAT)". 

[25] 3GPP TS 31.111: "Digital cellular telecommunications system (Phase 2+); Universal Mobile 
Telecommunications System (UMTS); Universal Subscriber Identity Module (USIM) Application 
Toolkit (USAT); (3GPP TS 31.111)". 

3 Definitions and abbreviations 

3.1 Definitions 

For the purposes of the present document, the following terms and definitions apply: 

application: computer program that defines and implements a useful functionality on a smart card or in a terminal 

NOTE: The term may apply to the functionality itself, to the representation of the functionality in a programming 
language, or to the realization of the functionality as executable code. 

file: directory or an organized set of bytes or records in the UICC 

3.2 Abbreviations 

For the purposes of the present document, the following abbreviations apply: 

APDU Application Protocol Data Unit 

ARP Address Resolution Protocol 

DHCP Dynamic Host Configuration Protocol 

FTP File Transfer Protocol 

HTTP HyperText Transport Protocol 

ICC Integrated Circuit Card 

ICMP Internet Control Message Protocol 

IMAP Internet Message Access Protocol 

IEC International Electrotechnical Commission 

IP Internet Protocol 

ISO International Organization for Standardization 

NAT Network Address Translation 

POP Post Office Protocol 

RARP Reverse Address Resolution Protocol 

RFU Reserved for Future Use 

RST ReSeT 

SE Security Environment 

HTTPS Secure HyperText Transport Protocol 
SMTP Simple Mail Transfer Protocol 

SSL Secure Sockets Layer 

TCP Transmission Control Protocol 

TLS Transport Layer Security 

TPDU Transfer Protocol Data Unit 

UDP User Datagram Protocol 

URI Universal Resource Identifier 

URL Universal Resource Locator 

USIM Universal Subscriber Identity Module 

4 Terminal-UICC IP configuration 



This section is an introduction to the various configurations and uses of the IP UICC. A UICC supporting IP will be 
deployed with at least a local address. This address relates to a private network established between the UICC and the 
terminal, independently from other networks to which the terminal may be connected. 

The UICC shall be able to act as a combination of the following basic configurations: 

• A TCP/IP or UDP/IP client of a server located on the terminal. 

• A TCP/IP or UDP/IP server for a client located on the terminal. 

• A TCP/IP or UDP/IP client of a server located in a network reachable through the terminal. 

• A TCP/IP or UDP/IP server for a client located in a network reachable through the terminal. 

Depending on the final applications, the actual configuration may be a combination of these basic configurations. 

In the present document, the wording "TCP/IP or UDP/IP protocol" includes any application protocol such as HTTP, 
FTP, POP or SMTP that may be enabled by TCP or UDP, i.e. the configuration targeted is not restricted to having a web 
server and web client on the card. 



4.1 Local client on UICC 



In this configuration the UICC is a client for TCP/IP servers located on the terminal. This configuration is the simplest 
and does not require any routing or address translation. It requires however naming resolution inside the UICC, so that 
the UICC applications can resolve the server IP address from the terminal name (localterminal). 
Figure 1 

4.2 Local server on UICC 



In this configuration the UICC is a local server for a TCP/IP protocol, e.g. HTTP. The server is accessed only from the 
terminal. This configuration requires proper configuration of the terminal naming services, so that the terminal can 
resolve the UICC name (localuicc) to the UICC IP address. 
Figure 2 

4.3 Remote client UICC 


This configuration allows the UICC to act as a client for TCP/IP servers located on the internet. The network 
configuration requires the following: 

• naming services, so that the UICC can resolve the internet server name to the internet server IP address; 

• routing services on the terminal, so that the card can send/receive IP packets to/from the internet server 
through the terminal; 

• address translation when configured with an IPv4 address, so that on the internet, packets to and from the 
UICC have the IP address of the UICC replaced by the IP address of the terminal. 
Figure 3 

4.4 Remote server on UICC 



This configuration allows the UICC to act as a server for a TCP/IP client located on a remote network (subject to 
limitations that may be set by the operator). The network configuration requires the following: 

• Naming services, so that the internet client can resolve the UICC server name to the UICC server IP address. 
The way address resolution is performed in the network is out of the scope of this specification. 

• Routing services on the terminal, so that the UICC can send/receive IP packets to/from the internet client 
through the terminal. 

• Address translation when configured with an IPv4 address, so that on the internet, packets to and from the 
UICC have the IP address of the UICC replaced by the IP address of the terminal. 

• Port forwarding when configured with an IPv4 address, so that the incoming connection request on some given 
port numbers will be rerouted to the UICC. For IPv4, two port numbers are defined by the IETF to be used by 
smart cards. The terminal shall route all the incoming traffic to these port numbers to the UICC. 
5 Protocol Stack 



The protocol layers that are considered in this specification are represented in figure 5. 
Figure 5: TCP/IP over UICC-Terminal Interface protocol stack 

In figure 5, the IP, ARP, ICMP, TCP, UDP, TLS, HTTP and HTTPS layers are as standardized by the Internet 
Engineering Task Force (IETF) in references indicated below. 

A UICC and a terminal supporting the present specification shall support the following protocols: 

• IPv6 (Internet Protocol Version 6) [7], Neighbor Discovery [12] and ICMPv6 (Internet Control Message 
Protocol) [8]. 

• IPv4 (Internet Protocol Version 4) [1] and ICMPv4 (Internet Control Message Protocol) [3]. 

• TCP (Transmission Control Protocol) [4]. 

• UDP (User Datagram Protocol) [23]. 

• ARP (Address Resolution Protocol) [2], which is used to retrieve the MAC address when the UICC-Terminal 
interface only carries Ethernet frames. 

• DHCP (Dynamic Host Configuration Protocol) [5] in client mode for the UICC. 

Optionally, the following additional protocols may be supported: 

• DHCP (Dynamic Host Configuration Protocol) [5] in server mode for the terminal. 

• TLS (Transport Layer Security) [17] or other security protocols as profiled in relevant ETSI specifications. 

• DNS (Domain Name System) [21]. 

As an example, applicative protocols could include HTTP (Hypertext Transport Protocol) [18] and HTTP over TLS 
[17]. Other applicative protocols such as FTP (File Transfer Protocol) [19], SMTP (Simple Mail Transfer Protocol) 
[20], POP [5] and IMAP [16] may additionally be supported. 

Applications needing to access information stored in the UICC file structure defined in TS 102 221 [11] may define 
how this is performed using the applicative layer they rely on. For example, some applications may use HTTP URI 
requests while others may rely on FTP. 
6 UICC and Terminal components requirements 

In the IETF terminology, an Internet communication system consists of interconnected packet networks supporting 
communication among host computers using the Internet protocols. The networks are interconnected using IP routers or 
gateways. A host computer is the ultimate consumer of communication services. 

We follow here the Requirements for Internet Hosts as defined in RFC 1122 [6] for IPv4 and RFC 4294 [14] for IPv6. 

6.1 UICC IP layer 

Both IPv6 and IPv4 shall be supported, but support of IP fragmentation is not mandatory in IPv4. 

6.1.1 IPv4 / IPv6 interworking 

To ensure a smooth transition and deployments, it is important to provide the capability to support IPv4 in addition to 
IPv6 for the foreseeable future. 

Depending on the destination address, the UICC will use the IP layer that matches this IP address. However, local 
communication between the terminal and the UICC shall use the IPv6 protocol, while the IPv4 layer is present to 
provide support for remote connection in the case of a legacy IPv4-only infrastructure. 

6.1.2 Address allocation 

The main difference between IPv6 and IPv4 is the address allocation mechanism. Due to the large number of addresses 
available, there is no NAT mechanism for IPv6: every node connected to the network shall have its own address. 

There are two possibilities to allocate the address of an IPv6 node: stateless and stateful autoconfiguration. The 
stateful address allocation mechanism needs a DHCPv6 server to allocate the address. Following the IETF 
recommendations for IPv6 [10], the UICC will implement stateless address configuration. In this case, the network 
gateway assigns a prefix which is unique in the scope of a network activation (e.g. PDP context), and the different nodes 
are in charge of self-assigning a unique interface identifier. 

6.1.2.1 Local Connection 

The allocation of the local IPv6 address of the UICC shall follow these steps: 

• The UICC calculates its own local IPv6 address [13] from a unique value in the UICC (e.g. MD5 or SHA of 
the ICCID) with the universal bit of the interface identifier set to 1 as defined in IETF RFC 4291 [15]. This 
calculation can be done both in the network gateway and the UICC, avoiding creating a field in the subscriber 
database. 

• The UICC sends a multicast Neighbor Solicitation message to the terminal. This message will be used by the 
terminal to discover the UICC's address suffix. 

• The terminal sends a Neighbor Advertisement message to the UICC using the previously discovered UICC 
address. This message will be used by the UICC to get the terminal's address suffix. This specification makes 
no assumption on the way to allocate the terminal address suffix. Support of duplicate address detection is not 
required. 

At this stage, the terminal and the UICC have established a local connection and resolved their respective addresses. It 
should be noted that the stateless configuration is used for the local network configuration. The same procedure can be 
used for a locally connected equipment. 

6.1.2.2 Remote Connection 

The establishment of a remote connection to the network gateway for the UICC is triggered by any packet sent by the 
UICC with an address out of the scope of the local network. In IPv6, the first message sent by the UICC shall be a 
router solicitation message. 
6.1.2.2.1 IPv4 address allocation 

The present version relies on fixed address allocation, statically allocated by the terminal and the UICC as follows: 

• UICC IP address: 192.168.0.1. 

• Terminal IP address: 192.168.0.2. 

In case a DHCP server is present in the terminal, the IP address range provided by this DHCP server shall exclude the 
IP addresses above. 

6.1.2.2.2 IPv6 address allocation 

• The UICC sends a router solicitation message to the terminal. 

• If the terminal needs some network activation parameters, they should be retrieved as described in the "Terminal IP 
Components" section of the present document. The terminal does the network activation if no appropriate connection 
is available. 

• The terminal sends back a router advertisement message to the UICC. This message may be generated by the terminal 
itself or be forwarded from the network. 

• Based on the previously received message, the UICC sets its address prefix according to the prefix received in the 
router advertisement. The UICC is now ready to send messages over the network. 
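As an added example (not code from the present document, from ETSI or from any UICC implementation), the following Python script derives the UICC's link-local address as in clause 6.1.2.1 and then applies a prefix taken from a router advertisement as in clause 6.1.2.2.2. It assumes SHA-256 of the ICCID as the "unique value in the UICC" (the text only says "e.g. MD5 or SHA of the ICCID"), takes the first 64 bits of the digest as the interface identifier, and uses a constructed sample ICCID and a documentation prefix; all of these are assumptions of the example.

```python
"""Derive the UICC's IPv6 addresses as in clauses 6.1.2.1 and 6.1.2.2.2.

Added example; not code from the present document or from ETSI.
"""
import hashlib
import ipaddress

LINK_LOCAL_PREFIX = ipaddress.IPv6Network("fe80::/64")


def interface_identifier(iccid: str) -> bytes:
    """Return the 64-bit interface identifier derived from the ICCID.

    Assumptions of this example: the hash is SHA-256 and the identifier is
    the first 64 bits of the digest. The universal/local ("u") bit of a
    modified EUI-64 identifier is bit 0x02 of its first octet (RFC 4291,
    appendix A); the text requires it to be set to 1.
    """
    if not (iccid.isdigit() and 18 <= len(iccid) <= 20):
        raise ValueError("ICCID must be 18 to 20 decimal digits")
    digest = hashlib.sha256(iccid.encode("ascii")).digest()
    iid = bytearray(digest[:8])
    iid[0] |= 0x02          # universal bit = 1
    return bytes(iid)


def address_from_prefix(prefix: ipaddress.IPv6Network, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    if prefix.prefixlen != 64 or len(iid) != 8:
        raise ValueError("stateless autoconfiguration needs a /64 prefix and a 64-bit identifier")
    return ipaddress.IPv6Address(prefix.network_address.packed[:8] + iid)


def link_local_address(iccid: str) -> ipaddress.IPv6Address:
    """Step 1 of clause 6.1.2.1: the UICC computes its own local address."""
    return address_from_prefix(LINK_LOCAL_PREFIX, interface_identifier(iccid))


def solicited_node_multicast(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """Destination of the multicast Neighbor Solicitation of step 2 (RFC 4291:
    ff02::1:ffXX:XXXX, where XX:XXXX are the low 24 bits of the unicast address)."""
    head = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]
    return ipaddress.IPv6Address(head + addr.packed[-3:])


def global_address(iccid: str, advertised_prefix: str) -> ipaddress.IPv6Address:
    """Clause 6.1.2.2.2: after the router advertisement the UICC keeps its
    interface identifier and takes the prefix from the advertisement."""
    prefix = ipaddress.IPv6Network(advertised_prefix, strict=True)
    return address_from_prefix(prefix, interface_identifier(iccid))


if __name__ == "__main__":
    iccid = "8944100000000000001"             # constructed sample ICCID
    ll = link_local_address(iccid)
    print("link-local address   :", ll)
    print("solicited-node group :", solicited_node_multicast(ll))
    print("global address       :", global_address(iccid, "2001:db8:1234:5678::/64"))
```

Because the identifier is a deterministic function of the ICCID, the same 64-bit suffix appears under every prefix the UICC is ever given; that is what allows the network gateway to recompute the address without a subscriber-database field, and it also makes the suffix a persistent identifier of the card across networks, which is worth keeping in mind when the address is visible to remote peers.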

6.2 Local naming 

To resolve the local name of the UICC, the following mechanism shall be implemented in the UICC. 

6.2.1 Static resolution 

In order to facilitate application development and interoperability, the ME shall be referenced by localterminal and the 
UICC by localuicc. 

6.3 Summary of terminal and UICC configuration 
6.3.1 UICC Configuration 

6.3.1.1 IPv4 

IP address: 192.168.0.1. 

Network mask: 255.255.255.0. 

Operator's name server. 

The UICC network routing table shall be the following: 

Network Destination   Gateway   Netmask          Interface 
192.168.0.0           *         255.255.255.0    UICC-Terminal interface 
127.0.0.1             *         255.0.0.0        Loopback interface 



6.3.1.2 IPv6 

In IPv6, the UICC address shall be dynamically configured according to stateless configuration mode [13]. 
6.3.2 Terminal Configuration 

6.3.2.1 IPv4 

IP address: 192.168.0.2. 

Network mask: 255.255.255.0. 

The terminal network routing table shall be the following: 

Network Destination   Gateway   Netmask          Interface 
192.168.0.0           *         255.255.255.0    UICC-Terminal interface 
127.0.0.1             *         255.0.0.0        Loopback interface 
Default               x.x.x.x   0.0.0.0          Network interface (operator dependent) 



6.3.2.2 IPv6 

In IPv6, the terminal address shall be dynamically configured according to stateless configuration mode [13]. 

6.4 Terminal IP Components 

6.4.1 Connection setting 

The network activation by the terminal for the UICC is triggered by an IPv6 router solicitation message sent by the 
UICC, or by any message sent by the UICC to a non local address when using IPv4. The terminal may use an already 
existing network activation context provided that its parameters are compatible with those requested by the UICC. 
Otherwise a new network activation shall be done. 

The way to retrieve the network activation parameters to be used by the terminal for the UICC shall be specified by the 
application. The list and format of the connection activation parameters for common network technologies are described 
in annex B of the present document and may be complemented by the application specification. 

6.4.2 Routing, Network Address Translation and port forwarding 

The terminal shall forward incoming IP packets from the UICC to the Internet interface using the UICC APN, and 
responses from the network to the UICC. 

When IPv4 addresses are used, the terminal shall perform Network Address Translation (NAT) as per RFC 3022 [9], so 
that the UICC can perform IP sessions with external servers. 

The incoming remote IPv4 connections to the following TCP / UDP ports shall also be forwarded to the UICC: 

smartcard-port   3516/tcp   Smartcard Port 
smartcard-port   3516/udp   Smartcard Port 
smartcard-tls    4116/tcp   smartcard-TLS 
smartcard-tls    4116/udp   smartcard-TLS 



In IPv6, since the UICC has its own public address, no port forwarding or NAT mechanism is necessary. 
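The terminal-side behaviour of clauses 6.3.2.1 and 6.4.2 (route lookup, NAT for traffic the UICC sends to the network, and port forwarding of the two IANA smart card ports) can be modelled as follows. This is an added example, not code from the present document or from ETSI; it assumes a constructed public terminal address 203.0.113.7 standing in for the operator-assigned "x.x.x.x", starts NAT port allocation at 40000, and uses only the addresses and ports stated in the text.

```python
"""Terminal-side forwarding for an IPv4 UICC, modelled on clauses 6.3.2.1
and 6.4.2. Added example; not code from the present document or from ETSI."""
import ipaddress
from dataclasses import dataclass

UICC_ADDR = ipaddress.IPv4Address("192.168.0.1")        # clause 6.3.1.1
TERMINAL_LOCAL = ipaddress.IPv4Address("192.168.0.2")   # clause 6.3.2.1
# Constructed stand-in for the operator-assigned "x.x.x.x" of clause 6.3.2.1.
TERMINAL_PUBLIC = ipaddress.IPv4Address("203.0.113.7")
# The only unsolicited inbound traffic that may reach the UICC (clause 6.4.2).
FORWARDED_PORTS = {("tcp", 3516), ("udp", 3516), ("tcp", 4116), ("udp", 4116)}

# Terminal routing table of clause 6.3.2.1 as (destination network, interface).
ROUTES = [
    (ipaddress.IPv4Network("192.168.0.0/24"), "uicc-terminal"),
    (ipaddress.IPv4Network("127.0.0.0/8"), "loopback"),
    (ipaddress.IPv4Network("0.0.0.0/0"), "network"),    # Default via x.x.x.x
]


@dataclass(frozen=True)
class Packet:
    proto: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int


def make_packet(proto, src, sport, dst, dport):
    """Build a Packet from plain strings and ints."""
    return Packet(proto, ipaddress.IPv4Address(src), sport, ipaddress.IPv4Address(dst), dport)


def route_lookup(dst):
    """Longest-prefix match over ROUTES; returns the outgoing interface name."""
    dst = ipaddress.IPv4Address(dst)
    best = None
    for net, iface in ROUTES:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


class TerminalNat:
    """Basic NAPT state (RFC 3022 style) plus the static port forwards."""

    def __init__(self, first_port=40000):
        self.next_port = first_port      # assumption: first public port to hand out
        self.outbound = {}   # (proto, uicc addr, uicc port) -> public port
        self.inbound = {}    # (proto, public port) -> (uicc addr, uicc port)

    def handle(self, pkt):
        """Return (interface, packet as it leaves the terminal).

        "terminal" means the packet is consumed by the terminal itself and is
        never forwarded to the UICC.
        """
        iface = route_lookup(pkt.dst)
        if pkt.src == UICC_ADDR and iface == "network":
            # UICC -> network: replace the private source with the public one.
            key = (pkt.proto, pkt.src, pkt.sport)
            if key not in self.outbound:
                self.outbound[key] = self.next_port
                self.inbound[(pkt.proto, self.next_port)] = (pkt.src, pkt.sport)
                self.next_port += 1
            return iface, Packet(pkt.proto, TERMINAL_PUBLIC, self.outbound[key], pkt.dst, pkt.dport)
        if pkt.dst == TERMINAL_LOCAL:
            return "terminal", pkt       # local traffic addressed to the terminal itself
        if pkt.dst == TERMINAL_PUBLIC:
            # Network -> terminal: static forward of the smart card ports ...
            if (pkt.proto, pkt.dport) in FORWARDED_PORTS:
                return "uicc-terminal", Packet(pkt.proto, pkt.src, pkt.sport, UICC_ADDR, pkt.dport)
            # ... or the reply to a session the UICC opened earlier.
            mapping = self.inbound.get((pkt.proto, pkt.dport))
            if mapping is not None:
                return "uicc-terminal", Packet(pkt.proto, pkt.src, pkt.sport, mapping[0], mapping[1])
            return "terminal", pkt       # anything else never reaches the UICC
        return iface, pkt                # other traffic is forwarded untranslated
```

The point to verify on a real terminal is the last branch: with NAT in place, only the four forwarded ports and the reverse translations of sessions the UICC itself opened reach 192.168.0.1, so the exposure of a remote server on the UICC (clause 4.4) is bounded by that table.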
Annex A (informative): 

Connection of a local equipment to the terminal and UICC 

It is assumed that configurations similar to those described in the present document may also be available for an 
equipment locally connected to the terminal. Such connections are device dependent and should therefore be specified 
on an application basis. Depending on the terminal configuration, NAT and port forwarding may not be necessary in the 
terminal. 

Figure A.1: Locally connected device (e.g. PC) with TCP/IP client/server, terminal with routing, UICC with 
TCP/IP server/client, and name server or name resolution 
Annex B (informative): 

Definition of the connection activation parameters for 

common network technologies 

The activation parameters that are necessary to initiate a connection depend on the network technologies. This annex 
provides the list of activation parameters that are used for the commonly encountered network technologies. 

The connection activation parameters are the following: 

• Network Access Name (optional). 

• Bearer Description (Mandatory). 

• Local Address (optional). 

• Data destination address (conditional). 

These parameters are described in TS 102 223 [24] under the description of the OPEN CHANNEL proactive command 
related to Packet Data service bearer, and further detailed in the relevant technology-specific documents, 
i.e. 3GPP TS 31.111 [25] for 3GPP and 3GPP2 C.S0035-A for 3GPP2. 
Annex C (informative): 
Bibliography 

IETF RFC 4311: "IPv6 Host-to-Router Load Sharing". 

NOTE: Available from http://www.ietf.org/rfc/rfc4311.txt. 